Cyber security is not a priority for most UK businesses
Despite the constant warnings experts keep giving out to businesses concerning cyber-security, UK’s firms won’t be prioritizing it in the next 12 months.
This is according to a new quarterly survey by Close Brothers. Its key takeaway is that 63 percent of companies decided not to invest in better security, while the other 37 percent decided to do so.
The biggest problem with these results is that they show how UK’s businesses are not in line with the upcoming GDPR (General Data Protection Regulation). The GDPR, kicking off in mid-2018, will dictate how companies use and share their customers’ data, as well as set up certain cyber-security standards.
"Businesses of all sizes should be aware of their responsibility when it comes to protecting customer data", says Ian McVicar, managing director, Close Brothers Technology Services. "Keeping customers’ details safe are at the core of the EU’s new data protection legislation, General Data Protection Regulation (GDPR), which was adopted in April 2016 and takes effect within two years".
"It is intended to strengthen and unify data protection for individuals within the EU and the penalty for non-compliance, which is up to four percent of annual revenue or €20 million, whichever is the higher".
The majority of UK’s firms (57 percent) are worried about cyber-crime, while 36 percent aren’t. Less than half (41 percent) feel adequately protected, and 17 percent are "unsure of their levels of protection".
More than a fifth (21 percent) "haven’t had time to look into it", even though they know it’s an important issue. Another 21 percent don’t think it’s an issue for their business.
More than half (51 percent) say they had data breach policies around the use of email, internet and mobile devices. More than a third (38 percent) say no, and 11 per cent are unsure.
Adam Palmer, director of International Government Affairs at FireEye comments:
The EU NIS directive will have a fundamental impact on the way that most organizations in European Union member states implement security policies and report breaches. Organizations of all sizes will now need to adopt mitigation measures that will manage risk stemming from zero-day exploits and never-seen-before malware as these attacks constitute the majority of advanced attacks in today’s threat environment. In the wake of Brexit, in practical terms UK organizations should, of course, still look to be compliant with this new European legislative measure. Baring in mind that the timeline for UK withdrawal from the EU is at least two years it will be expected that the UK comply with the new law, which will come into effect in May, 2018. Timeframes aside, in future the UK will still be subject to this legislation where UK companies process EU citizens’ personal data in connection with their offer of goods or services, or if they provide 'monitoring' activities. The same applies if a group company is located in the EU or have staff operating within any EU member state. Long-term, the UK will need to ensure it finds a way to be considered as a country with an adequate level of data protection, so that neither data storage or data transfer will prove problematic.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Photo credit: badins / Shutterstock